Skip Cipher Suite Update on Listeners and Backendsets when Unspecified

Author: pranavsriram8

pkg/cloudprovider/providers/oci/load_balancer_util.go

@@ -440,11 +440,14 @@ func getSSLConfigurationChanges(actual *client.GenericSslConfigurationDetails, d
 	if toBool(actual.VerifyPeerCertificate) != toBool(desired.VerifyPeerCertificate) {
 		sslConfigurationChanges = append(sslConfigurationChanges, fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:VerifyPeerCertificate", toBool(actual.VerifyPeerCertificate), toBool(desired.VerifyPeerCertificate)))
 	}
-	if toString(actual.CipherSuiteName) != toString(desired.CipherSuiteName) {
-		sslConfigurationChanges = append(sslConfigurationChanges, fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:CipherSuiteName", toString(actual.CipherSuiteName), toString(desired.CipherSuiteName)))
-	}
-	if !reflect.DeepEqual(actual.Protocols, desired.Protocols) {
-		sslConfigurationChanges = append(sslConfigurationChanges, fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:Protocols", strings.Join(actual.Protocols, ","), strings.Join(desired.Protocols, ",")))
+
+	if desired.CipherSuiteName != nil && len(*desired.CipherSuiteName) != 0 {
+		if toString(actual.CipherSuiteName) != toString(desired.CipherSuiteName) {
+			sslConfigurationChanges = append(sslConfigurationChanges, fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:CipherSuiteName", toString(actual.CipherSuiteName), toString(desired.CipherSuiteName)))
+		}
+		if !reflect.DeepEqual(actual.Protocols, desired.Protocols) {
+			sslConfigurationChanges = append(sslConfigurationChanges, fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:Protocols", strings.Join(actual.Protocols, ","), strings.Join(desired.Protocols, ",")))
+		}
 	}
 
 	return sslConfigurationChanges

pkg/cloudprovider/providers/oci/load_balancer_util_test.go

@@ -2155,25 +2155,54 @@ func TestGetSSLConfigurationChanges(t *testing.T) {
 		{
 			name: "Protocol Changed",
 			desired: client.GenericSslConfigurationDetails{
-				Protocols: []string{"TLSv1.2"},
+				CipherSuiteName: common.String("value"),
+				Protocols:       []string{"TLSv1.2"},
+			},
+			actual: client.GenericSslConfigurationDetails{
+				CipherSuiteName: common.String("value"),
 			},
-			actual: client.GenericSslConfigurationDetails{},
 			expected: []string{
 				fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:Protocols", "", "TLSv1.2"),
 			},
 		},
 		{
 			name: "TLS Protocol Changed",
 			desired: client.GenericSslConfigurationDetails{
-				Protocols: []string{"TLSv1.1", "TLSv1.2"},
+				CipherSuiteName: common.String("value"),
+				Protocols:       []string{"TLSv1.1", "TLSv1.2"},
 			},
 			actual: client.GenericSslConfigurationDetails{
-				Protocols: []string{"TLSv1.1", "TLSv1.2", "TLSv1.3"},
+				CipherSuiteName: common.String("value"),
+				Protocols:       []string{"TLSv1.1", "TLSv1.2", "TLSv1.3"},
 			},
 			expected: []string{
 				fmt.Sprintf(changeFmtStr, "Listener:SSLConfiguration:Protocols", "", "TLSv1.2"),
 			},
 		},
+		{
+			name: "Empty ciphersuite test",
+			desired: client.GenericSslConfigurationDetails{
+				CipherSuiteName: common.String(""),
+				Protocols:       []string{"TLSv1.1", "TLSv1.2"},
+			},
+			actual: client.GenericSslConfigurationDetails{
+				CipherSuiteName: common.String("value"),
+				Protocols:       []string{"TLSv1.1", "TLSv1.2", "TLSv1.3"},
+			},
+			expected: []string{},
+		},
+		{
+			name: "Default scenario, nil value",
+			desired: client.GenericSslConfigurationDetails{
+				CipherSuiteName: nil,
+				Protocols:       []string{"TLSv1.1", "TLSv1.2"},
+			},
+			actual: client.GenericSslConfigurationDetails{
+				CipherSuiteName: common.String("value"),
+				Protocols:       []string{"TLSv1.1", "TLSv1.2", "TLSv1.3"},
+			},
+			expected: []string{},
+		},
 	}
 
 	for _, tt := range testCases {